ChannelVision Magazine

and accurate. GDPR also will prevent companies from holding onto data lon- ger than needed. GDPR applies to two groups: data controllers, or companies that main- tain relationships with European con- sumers, and data processors, which are companies that process personal data for controllers. Altogether there are 173 Recitals, which outline the law’s goals and ob- jectives, and 99 Articles which explain the specific new regulations. Temper expectations It’s understandable that channel partners might be chomping at the bit to talk to their global customers about GDPR compliance. We’re here to tell you to hold your horses. Slow down, and think about your strategy before you approach your customers con- cerning this sensitive issue. As it turns out, for instance, GDPR may not be that big of a sales opportunity — at least not right away. Instead of trying to save the day and make your clients fully GDPR compliant, which is a mas- sive, multi-step process, focus on winning the long-term game by serv- ing as a trusted advisor that can help educate your customers about the issue, form a strategy and point them to the right services. “We’ve all got a part to play in the execution of this,” explained Crayon UK country manager Rich- ard Lockey, during a GDPR debate. “But if anyone thinks they’re go- ing to walk in and solve a GDPR problem for one of their clients, and sign a contract on the back of it that says you are now GDPR compliant, good luck.” Interestingly, despite the fear- mongering in the media, many IT professionals across Europe don’t even seem to be too concerned about GDPR compliance right now. Consider findings from a recent CRN study that show only 3 percent of IT leaders in the UK said they had completed GDPR preparations and fully tested their compliance. Less than a fifth of MSPs, resellers and consultancies in Europe, meanwhile, believe GDPR will have any teeth after May 25, indicating that many could continue doing exactly what they have been in the past. And when reseller respondents were asked how they view GDPR in terms of the opportunities and challeng- es it represents for their businesses, just 24 percent expected a huge wind- fall for extra technology and consul- tancy sales. Just less than a quarter (22 percent) said it won’t be a huge sales opportunity, but it will be a chance to cement relationships with customers; while 35 percent said it will be an op- portunity and potential headache. Less than 10 percent said it primarily will be a headache; and 12 percent of respon- dent hadn’t even heard of GDPR. Some of the Major Cybersecurity Changes Expected with GDPR Breach notification Local regulators must be informed of a breach within 72 hours after its discovery. In the event of a high-risk breach, all subjects — meaning people such as customers, employees and vendors — need to be informed as well. Risk assessment Businesses will need to assess what they are doing with the data they collect, and develop control systems to mitigate risk for their subjects. Strict record keeping Companies with more than 250 employees, and those collecting specific types of information, will need to keep accurate records and make them available to regulators. Maintenance All systems that process personal data must be updated and maintained to ensure security, integrity, availability and resiliency. Subject rights GDPR gives data subjects the right to inquire about how businesses are using their personal information. If businesses fail to provide this data, it can result in a complaint and penalties may be enforced. Subjects also can force businesses to fix incorrect data, erase their data and request copies of their data to provide to other businesses. Businesses have one month to comply with data requests. Cookies This is a big one. GDPR basically says that when cookies are used to identify an individual through a device, the data is viewed as personal information. This means cookies must be in line with GDPR expectations. Companies can either stop collecting cookies altogether or ask for specific consent. Businesses that do use cookies need to give customers the ability to opt out at any time. IT Professionals in North America Who Are Prepared for the General Data Protection Regulation (GDPR), Nov 2017 Source: UBM; Erwin annels ?” 59% 37% Completely prepared 6% % of respondents Somewhat prepared 39% Beginning to prepare 27% Not at all prepared 11% Not required/ GDPR does not affect us 17% Cyber Patrol Channel Vision | March - April, 2018 24